From aa82f6bea80a8aefc9d89df884067894c8854934 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 13 Dec 2022 23:25:27 +0100
Subject: [PATCH] auth: lmdb, fix TSIG key removal

---
 modules/lmdbbackend/lmdbbackend.cc  |  7 ++++---
 regression-tests.api/test_TSIG.py   | 12 +++++++-----
 regression-tests.api/test_helper.py | 14 --------------
 3 files changed, 11 insertions(+), 22 deletions(-)

diff --git a/modules/lmdbbackend/lmdbbackend.cc b/modules/lmdbbackend/lmdbbackend.cc
index c5f1bb7827..82161e769f 100644
--- a/modules/lmdbbackend/lmdbbackend.cc
+++ b/modules/lmdbbackend/lmdbbackend.cc
@@ -1830,8 +1830,9 @@ bool LMDBBackend::setTSIGKey(const DNSName& name, const DNSName& algorithm, cons
   auto txn = d_ttsig->getRWTransaction();
 
   for (auto range = txn.equal_range<0>(name); range.first != range.second; ++range.first) {
-    if (range.first->algorithm == algorithm)
-      range.first.del();
+    if (range.first->algorithm == algorithm) {
+      txn.del(range.first.getID());
+    }
   }
 
   TSIGKey tk;
@@ -1850,7 +1851,7 @@ bool LMDBBackend::deleteTSIGKey(const DNSName& name)
   TSIGKey tk;
 
   for (auto range = txn.equal_range<0>(name); range.first != range.second; ++range.first) {
-    range.first.del();
+    txn.del(range.first.getID());
   }
   txn.commit();
   return true;
diff --git a/regression-tests.api/test_TSIG.py b/regression-tests.api/test_TSIG.py
index 9dabb5fca0..83b99587a5 100644
--- a/regression-tests.api/test_TSIG.py
+++ b/regression-tests.api/test_TSIG.py
@@ -4,7 +4,7 @@ import time
 import unittest
 from copy import deepcopy
 from pprint import pprint
-from test_helper import ApiTestCase, unique_tsigkey_name, is_auth, is_auth_lmdb, is_recursor, get_db_tsigkeys
+from test_helper import ApiTestCase, unique_tsigkey_name, is_auth, is_recursor
 
 class AuthTSIGHelperMixin(object):
     def create_tsig_key(self, name=None, algorithm='hmac-md5', key=None):
@@ -76,10 +76,12 @@ class AuthTSIG(ApiTestCase, AuthTSIGHelperMixin):
         name, payload, data = self.create_tsig_key()
         r = self.session.delete(self.url("/api/v1/servers/localhost/tsigkeys/" + data['id']))
         self.assertEqual(r.status_code, 204)
-
-        if not is_auth_lmdb():
-            keys_from_db = get_db_tsigkeys(name)
-            self.assertListEqual(keys_from_db, [])
+        r = self.session.get(self.url(
+            "/api/v1/servers/localhost/tsigkeys"),
+            headers={'accept': 'application/json'})
+        self.assertEqual(r.status_code, 200)
+        keys = r.json()
+        self.assertEqual(len([key for key in keys if key['name'] == name]), 0)
 
     def test_put_key_change_name(self):
         """
diff --git a/regression-tests.api/test_helper.py b/regression-tests.api/test_helper.py
index 0618bd9478..2e2618f231 100644
--- a/regression-tests.api/test_helper.py
+++ b/regression-tests.api/test_helper.py
@@ -121,17 +121,3 @@ def sdig(*args):
         return subprocess.check_output(sdig_command_line).decode('utf-8')
     except subprocess.CalledProcessError as except_inst:
         raise RuntimeError("sdig %s failed: %s" % (sdig_command_line, except_inst.output.decode('ascii', errors='replace')))
-
-def get_db_tsigkeys(keyname):
-    db, placeholder = get_auth_db()
-    cur = db.cursor()
-    cur.execute("""
-        SELECT name, algorithm, secret
-        FROM tsigkeys
-        WHERE name = """+placeholder, (keyname, ))
-    rows = cur.fetchall()
-    cur.close()
-    db.close()
-    keys = [{'name': row[0], 'algorithm': row[1], 'secret': row[2]} for row in rows]
-    print("DB TSIG keys:", keys)
-    return keys
-- 
2.47.2